Bartek,

> Now I have
> set up test domain, and checked it as you wanted it to be: no
> os_fingerprint in triggered policy bank and a '*' in global config:
>
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Original mail size: 1405; quota set to: 702500 bytes
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) dynamic destination: p0f:*:1234 -> p0f:[10.10.3.244]:1234
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Fingerprint query: 10.10.3.244 port=1234 195.46.43.224 KgZcfI2cjZsj
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Checking: KgZcfI2cjZsj MX00 [195.46.43.224] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>

So what was the IP address reported in a "CONNECT TCP Peer" log entry?
Was it 10.10.3.244 or 10.10.3.49?

> As you may see, in this case amavisd is trying to ask itself for p0f
> service, which is incorrect, as the connection came from 10.10.3.49.

If the "CONNECT TCP Peer" log entry reported 10.10.3.244 but the
connection came in from 10.10.3.49, I'd like to see a tcpdump
of a connection, taken on this host where amavisd runs
(e.g.: tcpdump -i <interface> -s 0 -w 0.log 'tcp port 10024'
or similar).

> I'm not sure if it is haproxy or Net::Server issue, and I have no idea
> how to test that, but what is more annoying, that I could walkover this
> bug (if it is a bug) with static ip settings for os_fingerprint_method
> in policy banks - but in that case nothing happens (as shown in logs
> from my previous post).

Why is that? The log showed that the following query was sent:

  Fingerprint query: 10.10.3.49 port=1234 150.254.88.204 o6mMHn6FYEJV

i.e., a UDP packet was sent to 10.10.3.49, port 1234. Why a reply
did not come back is to be sought in the p0f-analyzer.pl running
on 10.10.3.49. Either it was not running, or it refused to listen
to foreign queries: you need to adjust its $bind_addr and @inet_acl
to let it listen on an ethernet interface (not on a loopback interface)

  my($bind_addr) = '127.0.0.1';  # bind just to a loopback interface
  my(@inet_acl) = qw( 127.0.0.1 );  # list of IP addresses from which queries

needs to be changed to something like:

  my($bind_addr) = '0.0.0.0';  # bind to all IPv4 interfaces
  my(@inet_acl) = qw(10.10.3.244 10.10.3.245 10.10.3.246 10.10.3.247);

Mark

_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
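
An added example, not part of the original message and not code from amavisd-new or p0f-analyzer.pl: a small UDP probe for checking whether a fingerprint responder answers queries from a given host, next to a constructed stand-in responder that enforces a source-address ACL the way @inet_acl is described above. The "<client_ip> <nonce>" query layout is an assumption inferred from the logged "Fingerprint query" lines, and the reply text is made up.

```python
import socket
import threading

def acl_responder(bind_addr, acl, ready, port_box):
    """Constructed stand-in for the responder: serves one UDP query and
    answers only when the sender address is listed in acl."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, 0))            # ephemeral port for the demo
        s.settimeout(2.0)
        port_box.append(s.getsockname()[1])
        ready.set()
        try:
            data, peer = s.recvfrom(1024)
        except OSError:
            return
        if peer[0] in acl:                # same idea as the @inet_acl check
            s.sendto(data + b" (constructed fingerprint)", peer)
        # senders outside the ACL are dropped silently, so the client times out

def probe(host, port, client_ip, nonce, timeout=1.0):
    """Send '<client_ip> <nonce>' (assumed layout) and return the reply text,
    or None when nothing usable comes back within timeout."""
    query = f"{client_ip} {nonce}"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query.encode(), (host, port))
            reply, _ = s.recvfrom(1024)
        except OSError:                   # timeout or ICMP port unreachable
            return None
    text = reply.decode(errors="replace")
    # Only accept a reply that echoes our own query, nonce included.
    return text if text.startswith(query) else None

def demo(acl):
    """Run the stand-in on loopback with the given ACL and probe it once."""
    ready, port_box = threading.Event(), []
    t = threading.Thread(target=acl_responder,
                         args=("127.0.0.1", acl, ready, port_box))
    t.start()
    ready.wait(2.0)
    result = probe("127.0.0.1", port_box[0], "195.46.43.224", "KgZcfI2cjZsj", 0.5)
    t.join()
    return result

if __name__ == "__main__":
    print("sender in ACL:    ", demo(["127.0.0.1"]))
    print("sender not in ACL:", demo(["10.10.3.244"]))
```

Against the real setup, probe("10.10.3.49", 1234, ...) run from one of the scanner hosts shows the same two outcomes: a reply, or None when the analyzer is not running, is bound to loopback only, or does not list the scanner in its ACL.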
